Firewall ???


bfletch

MIS
May 3, 2000
167
US
We are getting a fractional T at work. We have a small network around 30ish workstations. We won't have any web server in house; the T is going to be used for voice transfer (phone lines) and connecting the workstations to the internet. We will be using a Cisco 1720 router. What is the least expensive security I will need to do? Do I need a firewall on each machine or just one machine? I am new to security and internet so you'll have to bear with me. Any suggestions will be helpful. Thanks.
 
The security is a little bit a question of price and your applications:
A cheap solution is the use of a proxy server like Wingate or MS-Proxy (more expensive) if you do not have server applications to the Internet like yahoo-pager or Instant messenger.

If you have private server applications, think about products like PGP-Net.

If there are public server applications like a web server, then in my opinion the only way is to disconnect this computer from the local network.

What is absolutely necessary is a virus scanner which may be updated all the time on each computer.

hnd
hasso55@yahoo.com

 
I have to disagree with hnd a bit -- Proxy Servers are not a security solution. You should definitely think about using one, it will help reduce the load on your T-1 line by locally caching web pages, but it is not going to protect you from the bad guys.

You are correct in thinking that you need a firewall - you only need one - between your router and your users. There are a bunch of firewalls to choose from, ones that run on Win95/98/ME (definitely stay away from making a firewall out of one of these for your business), WinNT or Linux. My personal preference is Linux using IPTables, however, you may not be familiar with Linux - stay with an OS you are familiar with. I am not sure of the best (inexpensive) firewall for NT - I just deal with the ones that are tens of thousands apiece.

Some of the names I have heard floating around are Black Ice, Zone Alarm, WinRoute (I think that's the name of it - not sure if it runs on NT)

Actually one of the first things that you can do is put Access Control Lists on the Router. You can limit somewhat the traffic that can flow across the router.

Make sure that whatever solution you put in (NT or Linux) you tighten down the base OS -- i.e. turn off any unnecessary services - the firewall should not run telnet, ftp, finger, rpc, etc.

You might also want to consider talking to a consultant about what your solution should be and possibly have them install it. Security can be a tricky proposition - there are a number of little things that need to be addressed. Spending a couple thousand to get the infrastructure in place could pay for itself with the first unknown attack...

I hope this helps a little bit,
Paul
 
@pmkincaid

You are right, proxies are not an absolute security tool, but Wingate and MS-Proxy have firewall functions included: if you do not have server applications on your computer, you can block all requests from outside.
To detect Trojan horses is the responsibility of virus scanners.

I agree with you that a solution with a Cisco router is safer but also more expensive, and sometimes, depending on the application, "overengineered".

To make a security concept it would be necessary to know details that should not be posted in a public forum.

I am responsible for a small company network, and I used the Wingate solution. Up to now there was no problem from outside although there had been a lot of attacks (one time sub7).

The only "problem" was a virus, but this came from an old floppy disk from inside.


hnd
hasso55@yahoo.com

 
You could always look at getting the Cisco IOS Programming for your router and secure your connectivity at the Router. I've been investigating this for a current solution and believe that is also an option, although not all that much more cost effective compared to something like MS Proxy.

Jason Wilder
IT/CAD Manager
 
If you want to stick with a Windows NT/2000 proxy/firewall, get CheckPoint Firewall-1.

My recommendation if you are into Unix at all, is get FreeBSD or OpenBSD and use IPfilter. The BSDs are demonstrably more stable and secure than Linux, though maybe not as user friendly. Even a very low-powered machine will show almost no CPU load under heavy network usage. The BSD people wrote the book on TCP/IP, so it only makes sense to go to the source.
 